<?php

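// Endpoint that stores a new row in `services` for the logged-in provider.
//
// Request:  POST with `token`, `type`, `location`, `descr`, `price`.
// Response: the script always terminates with one of these plain-text bodies:
//   'OK'                              - row inserted, anti-CSRF token consumed
//   'timeout'                         - token matched but is older than $time seconds
//   'XSRF'                            - token missing/mismatched or Referer not accepted
//   'Unable to register the service'  - invalid price/provider id or the query failed
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. The durable
// fix is to move to PDO/mysqli prepared statements, but the connection is opened in
// db_connect.php (not visible here), so this block only hardens what it can see.
session_start();
include('db_connect.php');

// Only requests whose Referer is exactly this URL are accepted. The value is
// deployment-specific (localhost) and must be changed when the site is hosted elsewhere.
$referer = 'http://localhost/planmytrip/provider.php';
// Lifetime of the anti-CSRF token, in seconds.
$time = 5 * 60;

// Normalise both tokens to strings so the comparison below is type-safe.
// A POST value can be an array (token[]=x); that is rejected outright.
$sessionToken = (isset($_SESSION['token']) && is_scalar($_SESSION['token']))
    ? (string) $_SESSION['token']
    : '';
$postedToken = (isset($_POST['token']) && is_string($_POST['token']))
    ? $_POST['token']
    : null;

if (!isset($_SESSION['time']) || $sessionToken === '' || $postedToken === null) {
    die('XSRF');
}

// The original used `==`, which juggles types (numeric-looking strings such as
// "0e1" and "0e2" compare equal). Compare as strings, in constant time where the
// runtime provides hash_equals() (PHP >= 5.6).
$tokenMatches = function_exists('hash_equals')
    ? hash_equals($sessionToken, $postedToken)
    : $sessionToken === $postedToken;
if (!$tokenMatches) {
    die('XSRF');
}

if (!($_SESSION['time'] >= (time() - $time))) {
    die('timeout');
}

// The Referer header is optional; check it exists before reading it so a request
// without one is rejected cleanly instead of raising an undefined-index notice.
if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] !== $referer) {
    die('XSRF');
}

// Text columns: quoted in the statement, so escaping is sufficient for them.
// Missing or non-string inputs are stored as an empty string, as before.
$text = array();
foreach (array('type', 'location', 'descr') as $field) {
    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $text[$field] = mysql_real_escape_string($raw);
}

// `price` and the provider id are placed in the statement WITHOUT quotes.
// mysql_real_escape_string() gives no protection in that position (no quote has to
// be broken out of), so both values must be proven to be plain numbers first.
$price = (isset($_POST['price']) && is_string($_POST['price'])) ? trim($_POST['price']) : '';
if (!preg_match('/\A-?\d+(?:\.\d+)?\z/', $price)) {
    die('Unable to register the service');
}

// NOTE(review): assumes $_SESSION['id'] is the provider's integer primary key - confirm.
$provider_id = (isset($_SESSION['id']) && is_scalar($_SESSION['id'])) ? (string) $_SESSION['id'] : '';
if (!preg_match('/\A\d+\z/', $provider_id)) {
    die('Unable to register the service');
}

// NOTE(review): the INSERT has no column list, so it depends on the column order of
// `services`; naming the columns would make it robust to schema changes.
$req = 'INSERT INTO services VALUES (NULL, "' . $text['type'] . '", "' . $text['location'] . '", "'
    . $text['descr'] . '", ' . $price . ', ' . $provider_id . ')';
mysql_query($req) or die('Unable to register the service');
mysql_close();

// Single-use token: drop it (and its timestamp) once the insert has succeeded so
// the same form submission cannot be replayed.
unset($_SESSION['token'], $_SESSION['time']);
die('OK');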
?>
